Their world is your Oyster
Credit card companies are getting very excited about the benefits of "contactless" cards: credit cards that you can use to pay for small items like a coffee or a paper by waving it in front of a reader. Because you don't have to enter a PIN, this makes the card very quick and convenient to use, and reduces the risk of employee dishonesty for store owners.
In London, a similar system is used by Oyster top up cards for public transport. This technology has also been included in some new credit cards. Barclaycard have launched a "three-in-one" OnePulse card that combines a credit card, Oyster card and cashless payment facility, and Halifax have started to send out the first of their "Visa payWave" cards to customers in London in advance of rolling the card out in the new year.
In London, a similar system is used by Oyster top up cards for public transport. This technology has also been included in some new credit cards. Barclaycard have launched a "three-in-one" OnePulse card that combines a credit card, Oyster card and cashless payment facility, and Halifax have started to send out the first of their "Visa payWave" cards to customers in London in advance of rolling the card out in the new year.
The convenience comes at a price though, because the technology that allows you to wave a card in front of a payment reader also leaves the card vulnerable to fraud. It looks like the cat and mouse game that the card industry has played for years with fraudsters is going to enter a new arena.
Delegates at Cartes 2007, the trade fair for the credit card industry have been warned that contactless credit cards are already being targeted by criminals. And it's easy to see why.
The same technology that makes it easy to make a purchase by swiping your card over a contactless purchase point makes it easy to swipe your details without you knowing. In fact, you could have your card in your pocket or bag and still have it read by a crook. There would be no CCTV recording of you being ripped off, and thieves don't need to risk physical contact or carry the physical evidence of the theft.
So how likely is it? There are two major weaknesses: crooks teaming up with crooked retailers, and unscrupulous retailers overcharging by small amounts.
The cards emit a signal which can be detected by legitimate card readers at distances of up to 10cm. It's possible for criminals to get this close, but all you would have to do to increase the range is increase the power of the receiver. Some experiments have shown that it's possible to pick up signals up to 65cm away from the card.
Banks say that even if the cards are read, the only information captured will be the contactless payment details. Apacs, the card industry body, points out that there is a £10 limit on contactless card use: "And the technology requires that either by time period, amount of times used, or value of items purchased, holders have to re-enter their pin to verify transactions."
Although the card data alone may be of little help to criminals, it's likely that fraudsters will set themselves up as retailers to try to cheat the system, and there are reports of internet sites that explain how to do this.
The second weakness - unscrupulous and systematic overcharging by retailers - is probably harder to spot. Although Barclaycard and Halifax plan to send out regular statements, its less clear who will be able to recognise being overcharged for small amounts and be bothered to complain.
Apacs recgnises that these risks exist, but contends that fraudsters are more interested in collecting lots of small sums when they could focus their efforts on larger rewards. Anyone with a recollection of the plot of Superman III may be inclined to disagree…
Added : Monday 17th March 2008 10:55
Tagged In : Money | Credit Cards
